On Fri, Jan 28, 2011 at 2:13 PM, Michael Nordman <[email protected]> wrote:
> On Thu, Jan 27, 2011 at 8:30 PM, Jonas Sicking <[email protected]> wrote:
>> On Thu, Jan 27, 2011 at 5:16 PM, Michael Nordman <[email protected]> wrote:
>>> A CORS based answer to this would work for the folks that have
>>> expressed an interest in this capability to me.
>>>
>>> cc'ing some other appcache implementors too... any thoughts?
>>
>> CORS has the semantics of "you're allowed to make these types of
>> requests to this resource, and you're allowed to read the response
>> from such requests". This is very different from what is being
>> requested here as I understand it?
>>
>> So either we'd need to add more headers to CORS, or come up with some
>> other header-based solution I think.
>>
>> / Jonas
>
> Seems like CORS describes a protocol more than prescribes semantics?
> Is it really necessary to build up another protocol. From the
> abstract,
> "Specifications that enable an API to make cross-origin requests to
> resources can use the algorithms defined by this specification."

As long as you don't confuse webauthors. I.e. if an author sends:

access-control-allow-origin: *

that *only* means that any site can read that response. I.e. that it
doesn't come with any unrelated side effects such as cache pinning or
the like.

/ Jonas
